Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Enhancing Security Admin Capabilities and the End User Email Experience for Office 365

Microsoft

Office 365 Advanced Threat Protection (ATP) secures more end users in Office 365 than all our competitors combined and can block >99.9% of malware.  To pair with these protection capabilities of ATP, customers have also asked for greater visibility into their environment. Today we’re excited to announce enhancements to Office 365 ATP addressing this customer need.

 

Reporting Enhancements for Office ATP Admins

For admins, it is critical to have threat information quickly and also representative of the latest impact of threats to the organization.  One of our enhancements to Office 365 ATP reporting is that new threat information will be offered in near real-time, viewed in an updated UI.  Threat information in the reports will update in minutes, providing the latest threat details across your Office 365 environment.  In addition to faster reporting updates, we’re also excited to launch four new types of reports which help improve the admin experience and provide crucial data on threats impacting your Office 365 environment. 

 

  • User-reported – this report shows admins all the emails that end-users submit to Microsoft using the “Report Message’ add-in that we describe further below. The report also provides filtering by the email threat category selected by the user Figure 1.  User Reported ViewFigure 1. User Reported View

 

  • Phish – this report shows all the emails that are categorized as phishing emails by the advanced machine learning models, impersonation and spoofing protection technology within ATP. The reporting metadata includes delivery status, and details regarding the attachment, header and body for these emails Figure 2. Phish ViewFigure 2. Phish View

 

  • Content Malware – earlier this month, we expanded ATP coverage for SharePoint Online, OneDrive for Business, and Microsoft Teams. The content malware report provides information on malware that is detected and blocked in these services. Figure 3.  Content Malware ViewFigure 3. Content Malware View

 

  • Malware -- These new reports offer admins greater visibility and detail into the protection status of their tenant.  This added visibility tightens security for organizations, as admins can make confident policy and configuration updates to help reduce impact from the latest threats.

 

Figure 4.  Malware ViewFigure 4. Malware View

 

Reporting Suspicious Messages for EOP/Office ATP Users

Many of our customers now train end-users to spot suspicious emails.  It is important to offer end-users an easy way to report suspicious emails that their security teams can analyze and quickly assess. The ‘Report message’ add-in makes this very easy for customers.  To activate the add-in, follow these instructions. End-users can report suspicious emails directly to Microsoft so that we can quickly update and enhance our protection capabilities.  Emails can be reported as either ‘junk’ or ‘Phish’. Additionally, this feature is coupled with the powerful ‘User-Reported’ view.  Now admins have visibility into emails that users consider suspicious.  This visibility is crucial and enables admins to understand:

 

  • The variety and volume of threats potentially missed
  • Which emails to immediately quarantine
  • If end-user training is effective and which users may need further training(with tools like Office 365 Threat Intelligence’s new Attack Simulator feature)
  • That Microsoft directly receives potentially malicious messages and rapidly broadens its scope of protection with near real-time user feedback

 

Ultimately, greater telemetry strengthens the ability to mitigate threats.  With the new ‘Report Message’ add-in, Microsoft has enabled near real-time access to threats, leveraging the scale of our customers end-users broadening our telemetry and improving the protection of Office 365. 

 

Debraj5.png

 

Send Us Your Feedback

We look forward to your feedback once you experience the new ‘Report Message’ add-in and the updates to ATP reporting.  Your valuable feedback enables us to continue improving and adding features that support the goal of making ATP the premiere advanced security service for Office 365.  If you have not tried Office 365 Advanced Threat Protection for your organization yet, you should begin a free Office 365 E5 trial today and start securing your organization from today’s most sophisticated threats.

 

 

16 Replies
Great to hear! Really interesting? Will be this add-on in future a replacement for Junk button in Outlook?
best response confirmed by Deleted
Solution

We often report messages from shared mailboxes that receive junk \ phishing email but it looks like the new report message add-in does not work for this situation with attached error message.  Is there a way to enable the feature for this situation?   Otherwise we are really looking forward to using this feature in our organization.

No.  You will still have the junk mail folder.  This is in the event your end user believes and email that lands in the inbox should have been something that landed in junk.

I think the question was will this new add-in replace Microsoft's previous one located here?  Which I'm wondering about as well.

 

https://www.microsoft.com/en-us/download/details.aspx?id=18275

Do all of these features - including the real-time reports and the 'Report message’ add-in - require E5 licensing?

Hi Tony,

 

The ATP real time reports are available with a Standalone ATP license or with an Office 365 E5 license.  The 'Report Message' is for any Office 365 license.  Thanks.

On the following page about how to "Use the Report Message add-in"  "https://support.office.com/en-us/article/use-the-report-message-add-in-b5caa9f1-cdf3-4443-af8c-ff724..." towards the bottom under "tips" it states "If you're using an Exchange server email account, your Exchange administrator may have chosen one of these settings for you. If so, you can't reset the option yourself." - to me this implies we the administrators are able to control the settings for options in the report message add-in.  But I'm not able to find any instructions or information on how I would configure this and force options for our users which we would like to do in our environment.  Is this actually possible or if not, something that could be added at some point? 

 

Is Microsoft going to be analyzing the reported phishing emails and getting back to the users whether they are legitimate or not?

No.  We're working on a way to actually provide a response to customers, but that is not available yet.

Can you link us to a roadmap entry so that we can track availability?

Hi Tony,

 

Apologies.  I am not sure why this was left off the message center post.  There is no roadmap item attributed to the add-in.  However, for the reports, the roadmap entry is called: "Office 365 ATP Enhanced Reporting".  Thank you.

Will the Report Message add-in provide options to submit malicious URL's not detected by SafeLinks?

we have tried to enable Atp real time reports and ended with below error message. Any help

So am I suppost to down load office 365 trial I also need a good E-mail App.

Is it possible if I, as a tenant admin, can see the reports in my user-reported view submitted by another tenant's user? Like say, if one of my users were impersonated and sent out a phishing email to another user from another organization, and that said user then reports the Phishing email seemingly coming from *my* user, would that appear in my user-reported view?

it is possible to identify how may we have submitted from our  tenant. if there any options

1 best response

Accepted Solutions
best response confirmed by Deleted
Solution

We often report messages from shared mailboxes that receive junk \ phishing email but it looks like the new report message add-in does not work for this situation with attached error message.  Is there a way to enable the feature for this situation?   Otherwise we are really looking forward to using this feature in our organization.

View solution in original post